[Novalug] SElinux, my foe
Kevin Cole
dc.loco@gmail.com
Mon Jul 11 11:17:55 EDT 2011
Hi,
After a long hiatus from it, I am being forced to do battle once again
with SElinux. While I know I could just turn the damned thing off,
I'm hoping for truce and reconciliation rather than annihilation. ;-)
So... The news from the front thus far:
Under Ubuntu w/o SElinux, I have a working Django / mod_python setup.
(No WSGI.) Porting the same setup to RHEL 6, it works if I turn off
SElinux, but if I leave it "enforcing", I get:
| ImportError: No module named django.core.handlers.modpython
I think the relevant details are:
* I'm using an SVN copy of Django, living in my ~/lib/django/trunk.
* I have a symlink /usr/lib/python2.6/site-packages/django -> ~/lib/django/trunk
* I have the actual "site" in ~/Django/psite/
* Everything I can think of has been given the type httpd_user_content_t
* I've set to "on" booleans:
- httpd_tmp_exec
- httpd_can_network_connect
- httpd_can_network_connect_db
- httpd_can_network_connect
* I've looked at a lot of documentation (including that of the lead
SElinux developer for Red Hat) that suggests using commands that don't
exist.
* I've been trying to figure out how to get useful information from
the audit logs, and failing.
I'm reaching the point of considering nuclear options again. ;-)
Are there some SElinux wizards out there?
More information about the Novalug
mailing list